Let's sat for example that I have a laptop with just one hard drive running Windows 10. The Laptop's C:\ (boot) drive is encrypted using Bitlocker, and it set up to ask for a PIN on start to decrypt the drive and load the OS.
Is there such a thing (or would it be theoretically possible) as a purely software keylogger that could record the bitlocker PIN after a cold boot?
We are looking at security cases for USB drive vs PIN bitlocker unlocking.